python · willingc · Oct 30, 2024 · Apr 30, 2024 · May 6, 2024 · May 6, 2024
diff --git a/Doc/library/functions.rst b/Doc/library/functions.rst
@@ -562,6 +562,11 @@ are always available.  They are listed here in alphabetical order.
       >>> eval('x+1')
       2
 
+   .. warning::
+
+      Because this function can be used for executing arbitrary code, it is not recommended
+      to pass user-supplied input, which may lead to security vulnerabilities.
+
    This function can also be used to execute arbitrary code objects (such as
    those created by :func:`compile`).  In this case, pass a code object instead
    of a string.  If the code object has been compiled with ``'exec'`` as the
@@ -587,6 +592,11 @@ are always available.  They are listed here in alphabetical order.
 
 .. function:: exec(object, globals=None, locals=None, /, *, closure=None)
 
+   .. warning::
+
+      Because this function can be used for executing arbitrary code, it is not recommended
+      to pass user-supplied input, which may lead to security vulnerabilities.
+
    This function supports dynamic execution of Python code. *object* must be
    either a string or a code object.  If it is a string, the string is parsed as
    a suite of Python statements which is then executed (unless a syntax error